Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Webauth redirect loop as destination for proxypass

Fletcher Cocquyt fcocquyt at stanford.edu
Wed Jun 1 16:29:32 PDT 2011


Hi ­ the mod_webauth docs mention webauthing the proxy location and passing
the webauth user variable.
One of our developers is attempting to do the webauth on the destination
side and we are seeing an redirect loop with this type of config ­ is this
supported?
If so, what is the recommended config to not cause redirect loops?

thanks

Proxy config:

<Location /extrics/>
    ProxyPass / http://dev-lamp-11/extrics/
    ProxyPassReverse / http://dev-lamp-11/extrics/
</Location>

destination:
[root at dev-lamp-11 secure]# more .htaccess
AuthType WebAuth
Require valid-user
WebAuthLdapAttribute displayName
WebAuthLdapAttribute organizationalUnitName
WebAuthLdapAttribute suAffiliation
WebAuthLdapAttribute mail
WebAuthLdapAttribute suLocalAddress
WebAuthLdapAttribute suLocalPhone
WebAuthLdapAttribute ou


Webauth (v3.6.0) logs

[Wed Jun 01 16:19:16 2011] [debug] src/mod_auth_kerb.c(1432): [client
10.25.104.104] kerb_authenticate_user entered with user (NULL) and auth_type
WebAuth
[Wed Jun 01 16:19:16 2011] [debug] mod_webauth.c(2362): mod_webauth: in
check_user_id hook(/extrics/secure/)
[Wed Jun 01 16:19:16 2011] [error] mod_webauth: parse_app_token:
webauth_token_parse  failed: Data is incorrectly formatted (2)
[Wed Jun 01 16:19:16 2011] [debug] webkdc.c(768): mod_webauth:
mwa_get_service_token: using cached service token
[Wed Jun 01 16:19:16 2011] [debug] mod_webauth.c(1930): mod_webauth:
redirect_request_token: redirecting for id token
[Wed Jun 01 16:19:16 2011] [debug] mod_webauth.c(1952): mod_webauth:
redirect_request_token:
return_url(http://test1.stanford.edu/extrics/secure/)
[Wed Jun 01 16:19:16 2011] [debug] mod_webauth.c(1981): mod_webauth:
redirect_requst_token:
redirect(https://weblogin.stanford.edu/login/?RT=TebI9G6RCZ+gOzX6d45bVNyRSlb
mLW4TC4
[Wed Jun 01 16:19:16 2011] [warn] mod_webauth: set_pending_cookie_cb:
webauth_at=; path=/;
[Wed Jun 01 16:19:17 2011] [debug] src/mod_auth_kerb.c(1432): [client
10.25.104.104] kerb_authenticate_user entered with user (NULL) and auth_type
WebAuth
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(2362): mod_webauth: in
check_user_id hook(/extrics/secure/)
[Wed Jun 01 16:19:17 2011] [error] mod_webauth: parse_app_token:
webauth_token_parse  failed: Data is incorrectly formatted (2)
[Wed Jun 01 16:19:17 2011] [debug] webkdc.c(768): mod_webauth:
mwa_get_service_token: using cached service token
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(1930): mod_webauth:
redirect_request_token: redirecting for id token
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(1952): mod_webauth:
redirect_request_token:
return_url(http://test1.stanford.edu/extrics/secure/)
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(1981): mod_webauth:
redirect_requst_token:
redirect(https://weblogin.stanford.edu/login/?RT=TebI9fNI2Mge7qf0WTo6hAPWPPb
C1cFBlX
[Wed Jun 01 16:19:17 2011] [warn] mod_webauth: set_pending_cookie_cb:
webauth_at=; path=/;
[Wed Jun 01 16:19:17 2011] [debug] src/mod_auth_kerb.c(1432): [client
10.25.104.104] kerb_authenticate_user entered with user (NULL) and auth_type
WebAuth
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(2362): mod_webauth: in
check_user_id hook(/extrics/secure/)
[Wed Jun 01 16:19:17 2011] [error] mod_webauth: parse_app_token:
webauth_token_parse  failed: Data is incorrectly formatted (2)
[Wed Jun 01 16:19:17 2011] [debug] webkdc.c(768): mod_webauth:
mwa_get_service_token: using cached service token
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(1930): mod_webauth:
redirect_request_token: redirecting for id token
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(1952): mod_webauth:
redirect_request_token:
return_url(http://test1.stanford.edu/extrics/secure/)
[Wed Jun 01 16:19:17 2011] [debug] mod_webauth.c(1981): mod_webauth:
redirect_requst_token:
redirect(https://weblogin.stanford.edu/login/?RT=TebI9br32vkdzunbdIdzdpbtv3K
W2hIUQc
[Wed Jun 01 16:19:17 2011] [warn] mod_webauth: set_pending_cookie_cb:
webauth_at=; path=/;


-- 
Fletcher Cocquyt
Senior Systems Administrator
Information Resources and Technology (IRT)
Stanford University School of Medicine

Email: fcocquyt at stanford.edu
Phone: (650) 724-7485

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20110601/28a03d79/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.jpg
Type: image/jpeg
Size: 2130 bytes
Desc: not available
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20110601/28a03d79/attachment.jpg>


More information about the webauth-info mailing list